is my network secure?

My network is set up as below;

Could anyone advise as to whether there is anything else I could do to
enhance security?

Bexhill Road 217.204.190.13 - Easynet. ADSL Username is
, Password tungau87 Tel 0800 053 4343

Churchfields 81.174.162.232 - Plusnet. ADSL Username is
password orange. Contact via www.plus.net
<http://www.plus.net/>

Hove 80.229.37.79 - Plusnet. ADSL Username is
password orange. Contact via www.plus.net
<http://www.plus.net/>



External POP3 (email) server mail.demon.net username
stamco password rtrv4GL



FTP Addresses (Web-sites) ukupload.demon.net username stamco
password rtrv4GL (Main stamco.co.uk site)

ftp.plus.net
<ftp://ftp.plus.net/> username stamco password orange
(stamcoshop.co.uk site)



Internal routers;



Bexhill Road 192.168.1.248 Telnet/SSH;
Username kcceng password kcc123

Bexhill Road ADSL 192.168.254.254 Internet Explorer;
Direct connection

Churchfields 192.168.2.248 Telnet/SSH;
Username kcceng password kcc123

Churchfields ADSL 192.168.2.247 Internet Explorer;
blank username password orange

Hove 192.168.3.248 Telnet/SSH; Username
kcceng password kcc123

Hove ADSL 192.168.2.247 Internet Explorer;
blank username password orange



Servers;



STAMCO_ONE administrator
orange

STAMCO_TS1 administrator
orange

Email/Intranet (192.168.1.1) admin
orange (connect either via telnet or http://192.168.1.1:10000
<http://192.168.1.1:10000/> ) - This also controls DHCP

Phone Stats database (192.168.1.244) root
orange (connect via telnet or http://192.168.1.244:10000
<http://192.168.1.244:10000/> ) - Also has redundant DHCP server

K8 (192.168.1.249) kccs
5t4mc0123 or root sta0098

KPRINT kccs
kcc123

Fred

On Sun, 27 Nov 2005 04:52:37 -0000, "Fred" <>
wrote:

>Could anyone advise as to whether there is anything else I could do to
>enhance security?

change all the passwords you have posted.

are you mad, or is that someone else's network.


--
Jim Watt
http://www.gibnet.com

Jim Watt

Fred <> wrote:
> My network is set up as below;
>
> Could anyone advise as to whether there is anything else I could do to
> enhance security?
>
> Bexhill Road 217.204.190.13 - Easynet. ADSL Username is
> , Password tungau87 Tel 0800 053 4343

What kind of joke is this? Someone trying to take out one of their
enemies?

Joachim

jKILLSPAM.schipper@math.uu.nl

The Accounts are all real.... holy ****...

are you high? omfg!
--
MFG
Christian Fuß, replica-solutions.de
( Linux, Poetry, Community 4 everyone, International German/English )

=?iso-8859-1?q?Christian_Fu=DF?=

Christian Fuß wrote:
> The Accounts are all real.... holy ****...
>
> are you high? omfg!

the web site is still up and looks untouched. Was the FTP address u/n
p/w valis as well? I can't look from the UK because of the computer
misuse act lol. It's a business site!

lol My bet is a manager who was just fired

martin

On Sun, 27 Nov 2005 20:05:02 +0000, martin <> wrote:

>Christian Fuß wrote:
>> The Accounts are all real.... holy ****...
>>
>> are you high? omfg!
>
>the web site is still up and looks untouched. Was the FTP address u/n
>p/w valis as well? I can't look from the UK because of the computer
>misuse act lol. It's a business site!
>
>lol My bet is a manager who was just fired

If so he deserves to be, and worse.

However, looking at their wensite it seems they had a problem with
a spammer using their address, so maybe this is his way of 'paying
them back'

I've notified them, the rest is their problem. Dunno how hot the
Sussex police are on computer crime, but if you live in the UK
I'd refrain from trying any of those uid's
--
Jim Watt
http://www.gibnet.com

Jim Watt

Jim Watt wrote:
> On Sun, 27 Nov 2005 20:05:02 +0000, martin <> wrote:
>
>
>>Christian Fuß wrote:
>>
>>>The Accounts are all real.... holy ****...
>>>
>>>are you high? omfg!
>>
>>the web site is still up and looks untouched. Was the FTP address u/n
>>p/w valis as well? I can't look from the UK because of the computer
>>misuse act lol. It's a business site!
>>
>>lol My bet is a manager who was just fired
>
>
> If so he deserves to be, and worse.
>
> However, looking at their wensite it seems they had a problem with
> a spammer using their address, so maybe this is his way of 'paying
> them back'
>
> I've notified them, the rest is their problem. Dunno how hot the
> Sussex police are on computer crime, but if you live in the UK
> I'd refrain from trying any of those uid's

I'm not going to even attempt to try the uid's, I AM going to be on the
phone to them at 7:30 tomorrow when they open shop, might get a new
client out of them

I'm in Sussex, so they're almost local. I'll post back

martin

On Sun, 27 Nov 2005 22:07:23 +0000, martin <> wrote:

>Jim Watt wrote:
>> On Sun, 27 Nov 2005 20:05:02 +0000, martin <> wrote:
>>
>>
>>>Christian Fuß wrote:
>>>
>>>>The Accounts are all real.... holy ****...
>>>>
>>>>are you high? omfg!
>>>
>>>the web site is still up and looks untouched. Was the FTP address u/n
>>>p/w valis as well? I can't look from the UK because of the computer
>>>misuse act lol. It's a business site!
>>>
>>>lol My bet is a manager who was just fired
>>
>>
>> If so he deserves to be, and worse.
>>
>> However, looking at their wensite it seems they had a problem with
>> a spammer using their address, so maybe this is his way of 'paying
>> them back'
>>
>> I've notified them, the rest is their problem. Dunno how hot the
>> Sussex police are on computer crime, but if you live in the UK
>> I'd refrain from trying any of those uid's
>
>I'm not going to even attempt to try the uid's, I AM going to be on the
>phone to them at 7:30 tomorrow when they open shop, might get a new
>client out of them
>
>I'm in Sussex, so they're almost local. I'll post back

You can mail me via the response form on my website,
I used to live in Haywards Heath but escaped via LGW

Checking the external addresses they are not responding so maybe
someone has caught on already.
--
Jim Watt
http://www.gibnet.com

Jim Watt

Thanks for the attention on this guys,

Our tripwire system picked up an intrusion attempt onto our main server and
alerted me at 02:00 this morning.

It loooks as though someone found a way into our network and discovered an
email to our new network admin giving passwords etc.

I have changed all passwords and am in the processof changing usernames/IP
addressess.

Log files are being sent to Sussex Police. As a result of this, I would
recommend not attempting to connect on any of the IPs listed.

Many thanks for you attention on this guys.

Roy Penfold
IT Manager
STAMCO Timber
"Jim Watt" <_way> wrote in message
news:...
> On Sun, 27 Nov 2005 22:07:23 +0000, martin <> wrote:
>
>>Jim Watt wrote:
>>> On Sun, 27 Nov 2005 20:05:02 +0000, martin <> wrote:
>>>
>>>
>>>>Christian Fuß wrote:
>>>>
>>>>>The Accounts are all real.... holy ****...
>>>>>
>>>>>are you high? omfg!
>>>>
>>>>the web site is still up and looks untouched. Was the FTP address u/n
>>>>p/w valis as well? I can't look from the UK because of the computer
>>>>misuse act lol. It's a business site!
>>>>
>>>>lol My bet is a manager who was just fired
>>>
>>>
>>> If so he deserves to be, and worse.
>>>
>>> However, looking at their wensite it seems they had a problem with
>>> a spammer using their address, so maybe this is his way of 'paying
>>> them back'
>>>
>>> I've notified them, the rest is their problem. Dunno how hot the
>>> Sussex police are on computer crime, but if you live in the UK
>>> I'd refrain from trying any of those uid's
>>
>>I'm not going to even attempt to try the uid's, I AM going to be on the
>>phone to them at 7:30 tomorrow when they open shop, might get a new
>>client out of them
>>
>>I'm in Sussex, so they're almost local. I'll post back
>
> You can mail me via the response form on my website,
> I used to live in Haywards Heath but escaped via LGW
>
> Checking the external addresses they are not responding so maybe
> someone has caught on already.
> --
> Jim Watt
> http://www.gibnet.com

Roy Penfold

Roy Penfold wrote:
> Thanks for the attention on this guys,
>
> Our tripwire system picked up an intrusion attempt onto our main server and
> alerted me at 02:00 this morning.
>
> It loooks as though someone found a way into our network and discovered an
> email to our new network admin giving passwords etc.
>
> I have changed all passwords and am in the processof changing usernames/IP
> addressess.
>
> Log files are being sent to Sussex Police. As a result of this, I would
> recommend not attempting to connect on any of the IPs listed.
>
> Many thanks for you attention on this guys.
>
> Roy Penfold
> IT Manager
> STAMCO Timber

doh!

martin